IPv6, sometimes called the next generation Internet, is a protocol that will someday supplant the current Internet Protocol, which is more accurately called IPv4. When that day arrives, Windows Firewall is ready. For more information about IPv6, visit http://www.ipv6.org.

The user interface for configuring Windows Firewall is convenient for ad hoc management of the firewall on a single computer. But if you perform certain tasks repeatedly, or if you have to configure multiple computers, it's much easier to set up a batch program or script that contains the commands needed to perform the task. Likewise, Group Policy (particularly in a domain environment) eases the burden of repetitive tasks. In addition, you can configure the operational mode and exceptions list for Windows Firewall during unattended setup.

Configuration can be done with command lines or using Group Policy.

Enabling or Disabling Windows Firewall

You manage Windows Firewall through its Control Panel application, which is new with Service Pack 2. (In previous versions of Windows XP, ICF was managed through a tab in the properties dialog box for each network connection.) You can, of course, open Windows Firewall directly from Control Panel. Category View users will find its icon in Network And Internet Connections as well as in Security Center. Other ways to open Windows Firewall include:

In the properties dialog box for a network connection, click the Advanced tab and then click Settings in the Windows Firewall box.

At a command prompt, type firewall.cpl.

Note: Security Center and Network Connections make ideal launch pads for Windows Firewall because both show at a glance whether Windows Firewall is enabled. Security Center, of course, dedicates the top part of its status section to firewall status. In Network Connections, each connection for which Windows Firewall is enabled has a small padlock in its icon.

Regardless of how you open Windows Firewall, you'll see a dialog box like the one shown in Figure 6-5. To enable Windows Firewall for all network connections, select On. To disable Windows Firewall, of course, select Off. In general, the only reason to turn off Windows Firewall is if you have installed a third-party firewall that you plan to use instead of Windows Firewall.

Part 2: Keeping Your System Secure

6

Microsoft Windows XP Inside Out, Second Edition

Figure 6-5. The General tab of the Windows Firewall dialog box houses the main on/off switch for Windows Firewall.

Preventing All Incoming Traffic

The Don't Allow Exceptions check box on the General tab provides additional safety. When it's selected, Windows Firewall rejects all unsolicited incoming traffic, even traffic that would ordinarily be permitted by an exception. (For information about exceptions, see "Allowing Connections Through the Firewall," on the next page.) Invoke this mode when extra security against outside attack is needed. For example, you might disable exceptions when you're using a public wireless hotspot or when you know that your computer is actively under attack by others.

Note: Selecting Don't Allow Exceptions does not disconnect your computer from the Internet. Windows Firewall does not block outbound traffic, so even in no exceptions mode, you can still use your browser to connect to the Internet. Similarly, other outbound connections (whether they're legitimate services or some sort of spyware) continue unabated.
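The on/off switch and the no exceptions mode can also be set from a batch program. The following is an added example, not taken from the book; it assumes the netsh firewall context that ships with Windows XP SP2, and the script name fwmode.cmd is hypothetical.

```batch
@echo off
rem Added example (not from the book): switch the Windows Firewall operational
rem mode from a script instead of the Control Panel dialog box.
rem Assumes Windows XP SP2 (netsh firewall context) and an administrator account.
rem Usage: fwmode.cmd lockdown ^| normal ^| status   (fwmode.cmd is a hypothetical name)

if /i "%~1"=="lockdown" goto lockdown
if /i "%~1"=="normal" goto normal
if /i "%~1"=="status" goto status
echo Usage: %~nx0 lockdown ^| normal ^| status
exit /b 2

:lockdown
rem Firewall on, exceptions ignored: equivalent to selecting On together with
rem Don't Allow Exceptions (for example, on a public wireless hotspot).
netsh firewall set opmode mode=ENABLE exceptions=DISABLE
if errorlevel 1 goto failed
goto status

:normal
rem Firewall on, exceptions list honored: equivalent to selecting On with the
rem Don't Allow Exceptions check box cleared.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
if errorlevel 1 goto failed
goto status

:status
rem Show the resulting operational mode so the change can be confirmed.
netsh firewall show opmode
exit /b 0

:failed
echo Could not change the Windows Firewall mode. Check that you are an administrator.
exit /b 1
```

Run it with lockdown before joining an untrusted network and with normal afterward; status only reports the current mode.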

Disabling Windows Firewall for Individual Connections

Windows Firewall ordinarily monitors all network connections for unwanted traffic. In some situations, you might want to disable its protection for one or more connections while leaving it on for others. (For example, you might have a print server on your internal LAN connection that refuses to work with Windows Firewall, but you still want to protect your external dial-up connection.) That's easily done, as follows:

1. In Windows Firewall, click the Advanced tab.
2. Clear the check box of each connection for which you want to disable Windows Firewall.

Security Essentials

Allowing Connections Through the Firewall

In some situations, you want to allow other computers to initiate a connection to your computer. For example, your computer might be set up as a Web server that you want to make available to Internet users. A more likely scenario is that you want to share some of your computer's folders with other users on your network. Or perhaps you use an instant messaging program that requires inbound connections so others can contact you. In each of these cases, you set up an exception in Windows Firewall. An exception pokes a small hole in the firewall and allows a certain type of traffic to pass through the firewall.